Lucene search
K

17 matches found

OSV
OSV
added 2026/01/21 4:13 p.m.2 views

GHSA-QV7W-V773-3XQM sm-crypto Affected by Signature Malleability in SM2-DSA

Summary A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature. Credit This vulnerability was discovered by: - XlabAI Team of Tencent...

7.5CVSS5.9AI score0.0019EPSS
Exploits0References3
OSV
OSV
added 2026/01/21 4:13 p.m.5 views

GHSA-PGX9-497M-6C4V sm-crypto Affected by Private Key Recovery in SM2-PKE

Summary A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto. By interacting with the SM2 decryption interface multiple times, an attacker can fully recover the private key within approximately several hundred interactions. Credit This vulnerability was discovered...

9.1CVSS5.9AI score0.00209EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.5 views

PT-2026-3894

Name of the Vulnerable Software and Affected Versions sm-crypto versions prior to 0.3.14 Description The sm-crypto library, providing JavaScript implementations of Chinese cryptographic algorithms SM2, SM3, and SM4, contains a signature malleability issue in its SM2 signature verification logic. ...

7.5CVSS5.4AI score0.0019EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.7 views

PT-2026-3893

Name of the Vulnerable Software and Affected Versions sm-crypto versions prior to 0.3.14 Description sm-crypto, a JavaScript library providing implementations of Chinese cryptographic algorithms SM2, SM3, and SM4, contains a flaw in the SM2 decryption logic. An attacker can recover the private ke...

9.1CVSS5.9AI score0.00209EPSS
Exploits0References17
FreeBSD
FreeBSD
added 2024/02/27 12:0 a.m.48 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 324596281 High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11 323694592 High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu @P4nda20371774 of Tencent Security Xuanwu Lab on...

8.8CVSS7.1AI score0.02557EPSS
Exploits3References1
Apple
Apple
added 2019/01/23 9:35 a.m.35 views

About the security content of iCloud for Windows 7.9 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

8.8CVSS0.3AI score0.12808EPSS
Exploits14Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/04/25 12:0 a.m.31 views

FreeBSD : chromium -- vulnerability (36ff7a74-47b1-11e8-a7d6-54e1ad544088)

Google Chrome Releases reports : 62 security fixes in this release : - 826626 Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28 - 827492 Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30 - 813876 High...

8.8CVSS7AI score0.09186EPSS
Exploits4References36
0day.today
0day.today
added 2017/09/02 12:0 a.m.57 views

OpenJPEG - mqc.c Heap-Based Buffer Overflow Exploit

Exploit for linux platform in category dos / poc DESCRIPTION An Out-of-Bounds Write issue can be occurred in function opjmqcbyteout of mqc.c during executing opjcompress. This issue was caused by a malformed BMP file. CREDIT This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB...

4.3CVSS7.2AI score0.08253EPSS
Exploits1
exploitpack
exploitpack
added 2017/09/01 12:0 a.m.16 views

OpenJPEG - mqc.c Heap Buffer Overflow

OpenJPEG - mqc.c Heap Buffer Overflow DESCRIPTION An Out-of-Bounds Write issue can be occurred in function opjmqcbyteout of mqc.c during executing opjcompress. This issue was caused by a malformed BMP file. CREDIT This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB. TESTED VERSION...

0.9AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/01 12:0 a.m.35 views

OpenJPEG - 'mqc.c' Heap Buffer Overflow

DESCRIPTION An Out-of-Bounds Write issue can be occurred in function opjmqcbyteout of mqc.c during executing opjcompress. This issue was caused by a malformed BMP file. CREDIT This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB. TESTED VERSION Master version of OpenJPEG 805972f,...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2016/09/20 2:47 a.m.27 views

Internet Bug Bounty: PHP Integer Overflow in gdImageWebpCtx

PHP Integer Overflow in gdImageWebpCtx 1. Affected Version + PHP 7.0.10 2. Credit This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB. 3. Testing Environments + OS: Ubuntu + PHP: 7.0.10 + Compiler: Clang + CFLAGS: -g -O0 -fsanitize=address 4. PoC 5. Vulnerability Details...

7.5AI score
Exploits0
Hacker One
Hacker One
added 2016/09/20 2:33 a.m.68 views

Internet Bug Bounty: CVE-2016-7418 PHP Out-Of-Bounds Read in php_wddx_push_element

CVE-2016-7418 PHP Out-Of-Bounds Read in phpwddxpushelement 1. Affected Version + PHP 7.0.10 + PHP 5.6.25 2. Credit This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB. 3. Testing Environments + OS: Ubuntu + PHP: 7.0.10 + Compiler: Clang + CFLAGS: -g -O0 -fsanitize=address 4. PoC...

5CVSS8.1AI score0.11402EPSS
Exploits1
Hacker One
Hacker One
added 2016/09/13 8:24 a.m.34 views

Internet Bug Bounty: CVE-2016-3182 OpenJPEG color_esycc_to_rgb Out-of-Bounds Read Vulnerability

CVE-2016-3182 OpenJPEG coloresycctorgb Out-of-Bounds Read Vulnerability 1. About OpenJPEG OpenJPEG is an open-source JPEG 2000 codec written in C language. It's widely used in lots of Linux OSes such as Ubuntu, RedHat, Debian, Fedora, and so on. The official repository of the OpenJPEG project is...

4.3CVSS7.5AI score0.01487EPSS
Exploits0
Hacker One
Hacker One
added 2016/09/11 6:18 a.m.44 views

Internet Bug Bounty: CVE-2016-7163 OpenJPEG opj_pi_create_decode Integer Overflow Vulnerability

OpenJPEG opjpicreatedecode Integer Overflow Vulnerability 1. About OpenJPEG OpenJPEG is an open-source JPEG 2000 codec written in C language. It's widely used in lots of Linux OSes such as Ubuntu, RedHat, Debian, Fedora, and so on. The official repository of the OpenJPEG project is available at...

6.8CVSS8.1AI score0.07114EPSS
Exploits1
FreeBSD
FreeBSD
added 2016/09/08 12:0 a.m.43 views

openjpeg -- multiple vulnerabilities

Tencent's Xuanwu LAB reports: A Heap Buffer Overflow Out-of-Bounds Write issue was found in function opjdwtinterleavev of dwt.c. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenJPEG. An integer overflow issue exists in function...

8.8CVSS6.1AI score0.04702EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/09/01 12:0 a.m.44 views

webkit2gtk: multiple issues

CVE-2016-4590 same-origin policy bypass xisigr of Tencents Xuanwu Lab discovered a vulnerability in the way webkit handles URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. - CVE-2016-4591 arbitrary filesystem access ma.la of LINE Corporation discoveered...

7.8CVSS6.7AI score0.18843EPSS
Exploits4References5
ThreatPost
ThreatPost
added 2015/09/21 12:14 p.m.9 views

Adobe Patches 23 Vulnerabilities in Flash Player

Adobe has released a Flash Player update that addresses 23 critical vulnerabilities in the software, many which can lead to code execution. Version 18.0.0.231 and earlier of Flash Player for Windows and Mac, Microsoft Edge and Internet Explorer 11 in Windows 10, and Internet Explorer 10 and 11, a...

1.2AI score
Exploits0References2
Rows per page
Query Builder